Thursday, April 6, 2023

Short Takes – 4-6-23

Can a White House initiative compel tech companies to write safer code? Cyberscoop.com article. Interesting look at the potential complexities of software liability changes. Pull quote: “Security researchers broadly agree that it’s important that a future software liability regime does not expose open source software developers to lawsuits, but at the same time, software makers are continuing to ship code that relies on software libraries with known vulnerabilities. “That’s just no longer acceptable,” says Megan Stifel, the chief strategy officer for the Institute for Security and Technology.”

Drone-on-Drone Combat in Ukraine Marks a New Era of Aerial Warfare. ScientificAmerican.com article. Pull quote: ““We can retrain air defenses to look for smaller radar cross sections, but then they’ll pick up every bird that flies by,” says Sarah Kreps, director of the Cornell Brooks School Tech Policy Institute. “So it’s a real sensor problem that countries like the U.S. have spent billions trying to solve—not unlike when the U.S. spent [heavily on] countering improvised explosive devices that were far less expensive or sophisticated than systems our militaries had been trained to destroy. These are essentially flying IEDs that have foiled militaries in similar ways, creating asymmetric advantages that have been difficult to counter.””

Hey, Siri: Hackers Can Control Smart Devices Using Inaudible Sounds. DarkReading.com article. Pull quote: “The technique, dubbed a Near-Ultrasound Inaudible Trojan (NUIT), exploits voice assistants like Siri, Google Assistant, or Alexa and the ability of many smart devices to be controlled by sound. According to researchers at the University of Texas at San Antonio (UTSA) and the University of Colorado at Colorado Springs (UCCS), most devices are so sensitive that they can pick up voice commands even if the sounds are not in the normal frequency range of human voices.”

IChemE Urges Chemical Engineers to Combat Cybersecurity. ChemicalProcessing.com article. Pull quote: ““I call on chemical engineers to be proactive, to undertake cybersecurity training and include cybersecurity when developing processes to manage risks. I would also encourage them to implement processes which deliver the most effective response should the worst happen. Companies are taking cybersecurity seriously, and so should our profession,” says Helen Kilbride, chair of IChemE’s Digitalization Technical Advisory Group (DigiTAG).”

Sector Outreach and Programs Online Meeting Registration Tool. Federal Register CISA 60-day ICR renewal notice. Covers Chemical Security Summit registration and ChemLock registration. No programmatic changes, increased burden estimate due to increase in responses per recent history. Comment deadline: June 5th, 2023.

Underground Natural Gas Storage Public Meeting. Federal Register PHMSA meeting notice. Summary: “This notice announces that PHMSA will host a two-day public meeting titled: “Safety of Underground Natural Gas Storage Public Meeting” in Broomfield, Colorado. PHMSA is hosting this meeting as part of its core mission to improve safety through better communications between PHMSA and its stakeholders. The purpose of the public meeting is to share important safety information with the public and industry, as well as gather input to inform future rulemaking decisions.” Meeting dates: May 16th and 17th, 2023.

Hazmat on the Rail. DomesticPreparedness.com article. A look at planning for a rail hazmat incident response. Pull quote: “The response to a hazmat incident begins with preparation and planning. Local emergency management, response organizations, and railroads are all important stakeholders. Preparedness and planning should not be an afterthought but an integral building block to a successful response. Railroads are training thousands of responders each year as part of a tremendous outreach initiative to recognize, identify, and notify the railroad during an incident.”

The Dangerous Weak Link in the US Food Chain. Wired.com article. No ISAC for food and Ag sector. Pull quote: “The food and agriculture sector was one of the first to launch such a center, in 2002, but it disbanded in 2008 because few companies were sharing information through it. Members were afraid that such openness jeopardized their competitive advantages and exposed them to regulatory action. Now, Sachs says, businesses worry that exchanging information with each other could prompt antitrust lawsuits, even though such collaboration is legal.”
